Resubmissions

  • 29-04-2021 00:24

    210429-zlrd5mr8ke 10

  • 27-04-2021 19:02

    210427-4qrnfw951s 10

General

  • Target

    ee1db7f0ad39df1af6eb5166447b1471.exe

  • Size

    386KB

  • Sample

    210429-zlrd5mr8ke

  • MD5

    ee1db7f0ad39df1af6eb5166447b1471

  • SHA1

    9111bc344d733b1aba0aef2e81b5e9fbc9d01e8f

  • SHA256

    842e396f05d590ec88da30e6180dfb29a7aec16e3ef5b49398fde8b79e4090bd

  • SHA512

    26366e9fbc998105a4ee00ab91abb4110fc8849a513a29821e3611a3762cfb083722bc83836704de87531e9164d648e16b6a381daa3f046ead17ac4422fab0e0

Malware Config

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

    • Bazar/Team9 Backdoor payload

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext
